org.springframework.vault.authentication.AppRoleAuthenticationOptions Java Examples

Example #1
Source File: EnvironmentVaultConfiguration.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Creates AppRole {@link ClientAuthentication} from the {@code vault.app-role.*}
 * properties.
 *
 * <p>The role-id is mandatory. The secret-id is optional: when it has no text,
 * the options are built without one. The mount path falls back to
 * {@link AppRoleAuthenticationOptions#DEFAULT_APPROLE_AUTHENTICATION_PATH}.
 *
 * <p>Both identifiers are passed through as {@code provided} values, i.e. they
 * are read verbatim from configuration. The secret-id is a credential, so the
 * property source backing {@code vault.app-role.secret-id} should be treated as
 * sensitive and kept out of logs.
 *
 * @return an {@link AppRoleAuthentication} bound to {@code restOperations()}
 * @throws IllegalArgumentException if the role-id property has no text (raised
 * by {@code Assert.hasText})
 */
protected ClientAuthentication appRoleAuthentication() {

		String configuredRoleId = getProperty("vault.app-role.role-id");
		String configuredSecretId = getProperty("vault.app-role.secret-id");
		String mountPath = getProperty("vault.app-role.app-role-path",
				AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH);

		// Fail fast: without a role-id there is nothing to log in with.
		Assert.hasText(configuredRoleId, "Vault AppRole authentication: RoleId (vault.app-role.role-id) must not be empty");

		AppRoleAuthenticationOptionsBuilder optionsBuilder = AppRoleAuthenticationOptions.builder();
		optionsBuilder = optionsBuilder.roleId(RoleId.provided(configuredRoleId));
		optionsBuilder = optionsBuilder.path(mountPath);

		// Only attach a secret-id when one was actually configured.
		if (StringUtils.hasText(configuredSecretId)) {
			optionsBuilder = optionsBuilder.secretId(SecretId.provided(configuredSecretId));
		}

		AppRoleAuthenticationOptions options = optionsBuilder.build();
		return new AppRoleAuthentication(options, restOperations());
	}
 
Example #2
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * With a token and a role name but no role-id or secret-id configured, both
 * identifiers must resolve to the {@code pull} variant.
 *
 * <p>Only the concrete type of each identifier is compared; the literal
 * {@code "token"} is a test placeholder and its value is not asserted.
 */
@Test
public void appRoleWithFullPull() {

	VaultEnvironmentProperties vaultProps = new VaultEnvironmentProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(vaultProps);

	// Reference instances are built solely to obtain the expected runtime types.
	Class<?> pullRoleIdType = RoleId.pull(VaultToken.of("token")).getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(pullRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #3
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * With a token, a role name and an explicit role-id, the role-id must be the
 * {@code provided} variant while the secret-id is still resolved via
 * {@code pull}.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void appRoleRoleIdProvidedSecretIdPull() {

	VaultEnvironmentProperties vaultProps = new VaultEnvironmentProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setRoleId("foo");
	vaultProps.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #4
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * An explicit role-id combined with a token and role name must yield a
 * {@code provided} role-id and a {@code pull} secret-id.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdPull() {

	VaultProperties vaultProps = new VaultProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setRoleId("foo");
	vaultProps.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #5
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * A token plus a role name, with neither identifier configured, must yield
 * {@code pull} variants for both the role-id and the secret-id.
 *
 * <p>Assertions compare runtime types only; {@code "token"} is a placeholder.
 */
@Test
public void shouldSupportAppRoleFullPull() {

	VaultProperties vaultProps = new VaultProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> pullRoleIdType = RoleId.pull(VaultToken.of("token")).getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(pullRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #6
Source File: AppRoleClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * Selects how the AppRole secret-id is obtained, in order of precedence:
 * <ol>
 * <li>an explicitly configured secret-id gives {@code provided};</li>
 * <li>a token together with a role name gives {@code pull};</li>
 * <li>a token alone gives {@code wrapped};</li>
 * <li>otherwise {@code absent}.</li>
 * </ol>
 *
 * <p>Unlike the role-id lookup in the same class, a missing secret-id is not
 * an error here. NOTE(review): an {@code absent} secret-id presumably only
 * works against roles that do not require one; confirm against the Vault role
 * configuration before relying on it.
 *
 * @param vaultProperties source of the Vault token
 * @param appRole AppRole-specific settings (secret-id, role name)
 * @return the secret-id strategy matching the configured properties
 */
private static AppRoleAuthenticationOptions.SecretId getSecretId(
		VaultEnvironmentProperties vaultProperties,
		VaultEnvironmentProperties.AppRoleProperties appRole) {

	// An explicit secret-id always wins over any token-based mechanism.
	if (StringUtils.hasText(appRole.getSecretId())) {
		return AppRoleAuthenticationOptions.SecretId.provided(appRole.getSecretId());
	}

	// Without a token neither pull nor wrapped mode is possible.
	if (!StringUtils.hasText(vaultProperties.getToken())) {
		return AppRoleAuthenticationOptions.SecretId.absent();
	}

	VaultToken token = VaultToken.of(vaultProperties.getToken());

	// A role name selects pull mode; a bare token is used in wrapped mode.
	return StringUtils.hasText(appRole.getRole())
			? AppRoleAuthenticationOptions.SecretId.pull(token)
			: AppRoleAuthenticationOptions.SecretId.wrapped(token);
}
 
Example #7
Source File: AppRoleClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * Selects how the AppRole role-id is obtained, in order of precedence:
 * <ol>
 * <li>an explicitly configured role-id gives {@code provided};</li>
 * <li>a token together with a role name gives {@code pull};</li>
 * <li>a token alone gives {@code wrapped}.</li>
 * </ol>
 *
 * <p>If none of these apply the configuration is rejected, so AppRole login is
 * never attempted without a role-id source.
 *
 * @param vaultProperties source of the Vault token
 * @param appRole AppRole-specific settings (role-id, role name)
 * @return the role-id strategy matching the configured properties
 * @throws IllegalArgumentException if neither a role-id nor a token is
 * configured
 */
private static AppRoleAuthenticationOptions.RoleId getRoleId(
		VaultEnvironmentProperties vaultProperties,
		VaultEnvironmentProperties.AppRoleProperties appRole) {

	// An explicit role-id always wins over any token-based mechanism.
	if (StringUtils.hasText(appRole.getRoleId())) {
		return AppRoleAuthenticationOptions.RoleId.provided(appRole.getRoleId());
	}

	// No role-id and no token: there is no way to determine the role-id.
	if (!StringUtils.hasText(vaultProperties.getToken())) {
		String message = "Any of '" + VAULT_PROPERTIES_PREFIX
				+ "app-role.role-id', '.token', "
				+ "or '.app-role.role' and '.token' must be provided if the "
				+ AuthenticationMethod.APPROLE + " authentication method is specified.";
		throw new IllegalArgumentException(message);
	}

	VaultToken token = VaultToken.of(vaultProperties.getToken());

	// A role name selects pull mode; a bare token is used in wrapped mode.
	return StringUtils.hasText(appRole.getRole())
			? AppRoleAuthenticationOptions.RoleId.pull(token)
			: AppRoleAuthenticationOptions.RoleId.wrapped(token);
}
 
Example #8
Source File: AppRoleClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * Translates {@link VaultEnvironmentProperties} into
 * {@link AppRoleAuthenticationOptions}.
 *
 * <p>The mount path is always applied; the role name only when it has text.
 * The role-id is resolved before the secret-id, so an unusable role-id
 * configuration is rejected by {@code getRoleId} before any secret-id handling
 * takes place.
 *
 * @param vaultProperties Vault client configuration
 * @return fully built AppRole options
 */
static AppRoleAuthenticationOptions getAppRoleAuthenticationOptions(
		VaultEnvironmentProperties vaultProperties) {

	VaultEnvironmentProperties.AppRoleProperties appRoleProps = vaultProperties
			.getAppRole();

	AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder optionsBuilder = AppRoleAuthenticationOptions
			.builder().path(appRoleProps.getAppRolePath());

	String roleName = appRoleProps.getRole();
	if (StringUtils.hasText(roleName)) {
		optionsBuilder.appRole(roleName);
	}

	// Arguments are evaluated left to right: role-id first, then secret-id.
	optionsBuilder.roleId(getRoleId(vaultProperties, appRoleProps))
			.secretId(getSecretId(vaultProperties, appRoleProps));

	return optionsBuilder.build();
}
 
Example #9
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * With a token and an explicit role-id but no role name, the role-id must be
 * {@code provided} and the secret-id must fall back to {@code wrapped}.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void appRoleRoleIdProvidedSecretIdWrapped() {

	VaultEnvironmentProperties vaultProps = new VaultEnvironmentProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #10
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * With a token and an explicit secret-id but no role-id or role name, the
 * role-id must fall back to {@code wrapped} and the secret-id must be
 * {@code provided}.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void appRoleRoleIdWrappedSecretIdProvided() {

	VaultEnvironmentProperties vaultProps = new VaultEnvironmentProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #11
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * With only a token configured, both the role-id and the secret-id must
 * resolve to the {@code wrapped} variant.
 *
 * <p>Assertions compare runtime types only; {@code "token"} is a placeholder.
 */
@Test
public void appRoleFullWrapped() {

	VaultEnvironmentProperties vaultProps = new VaultEnvironmentProperties();
	vaultProps.setToken("token");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #12
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * With only a role-id configured (no token, no secret-id), the role-id must be
 * {@code provided} and the secret-id must be {@code absent}.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void appRoleRoleIdProvidedSecretIdAbsent() {

	VaultEnvironmentProperties vaultProps = new VaultEnvironmentProperties();
	vaultProps.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> absentSecretIdType = SecretId.absent().getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(absentSecretIdType);
}
 
Example #13
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * With both identifiers configured explicitly and no token, both must resolve
 * to the {@code provided} variant.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void appRoleRoleIdProvidedSecretIdProvided() {

	VaultEnvironmentProperties vaultProps = new VaultEnvironmentProperties();
	vaultProps.getAppRole().setRoleId("foo");
	vaultProps.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #14
Source File: AppRoleClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * Creates AppRole authentication for the given Vault properties.
 *
 * <p>Login requests are issued through {@code vaultRestOperations};
 * {@code externalRestOperations} is not used by this provider.
 *
 * @param vaultProperties Vault client configuration
 * @param vaultRestOperations REST client used for the AppRole login
 * @param externalRestOperations unused here
 * @return an {@link AppRoleAuthentication} built from the resolved options
 */
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	return new AppRoleAuthentication(
			getAppRoleAuthenticationOptions(vaultProperties), vaultRestOperations);
}
 
Example #15
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * A token plus an explicit role-id, without a role name, must yield a
 * {@code provided} role-id and a {@code wrapped} secret-id.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdWrapped() {

	VaultProperties vaultProps = new VaultProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #16
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * A token plus an explicit secret-id, without a role-id or role name, must
 * yield a {@code wrapped} role-id and a {@code provided} secret-id.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void shouldSupportAppRoleRoleIdWrappedSecretIdProvided() {

	VaultProperties vaultProps = new VaultProperties();
	vaultProps.setToken("token");
	vaultProps.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #17
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * A token on its own must yield {@code wrapped} variants for both the role-id
 * and the secret-id.
 *
 * <p>Assertions compare runtime types only; {@code "token"} is a placeholder.
 */
@Test
public void shouldSupportAppRoleFullWrapped() {

	VaultProperties vaultProps = new VaultProperties();
	vaultProps.setToken("token");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #18
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * A role-id on its own (no token, no secret-id) must yield a {@code provided}
 * role-id and an {@code absent} secret-id.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdAbsent() {

	VaultProperties vaultProps = new VaultProperties();
	vaultProps.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> absentSecretIdType = SecretId.absent().getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(absentSecretIdType);
}
 
Example #19
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Explicit role-id and secret-id, with no token, must both resolve to the
 * {@code provided} variant.
 *
 * <p>Assertions compare runtime types only, not the identifier values.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdProvided() {

	VaultProperties vaultProps = new VaultProperties();
	vaultProps.getAppRole().setRoleId("foo");
	vaultProps.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(vaultProps);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #20
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 4 votes vote down vote up
/**
 * Translates {@link VaultProperties} into {@link AppRoleAuthenticationOptions}.
 *
 * <p>The mount path is always applied; the role name only when it has text.
 * The role-id is resolved before the secret-id, matching the order of the
 * original statements.
 *
 * @param vaultProperties Vault client configuration
 * @return fully built AppRole options
 */
static AppRoleAuthenticationOptions getAppRoleAuthenticationOptions(
		VaultProperties vaultProperties) {

	AppRoleProperties appRoleProps = vaultProperties.getAppRole();

	AppRoleAuthenticationOptionsBuilder optionsBuilder = AppRoleAuthenticationOptions
			.builder().path(appRoleProps.getAppRolePath());

	String roleName = appRoleProps.getRole();
	if (StringUtils.hasText(roleName)) {
		optionsBuilder.appRole(roleName);
	}

	// Arguments are evaluated left to right: role-id first, then secret-id.
	optionsBuilder.roleId(getRoleId(vaultProperties, appRoleProps))
			.secretId(getSecretId(vaultProperties, appRoleProps));

	return optionsBuilder.build();
}
 
Example #21
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 3 votes vote down vote up
/**
 * Creates AppRole authentication for the given properties, using this
 * factory's {@code restOperations} for the login call.
 *
 * @param vaultProperties Vault client configuration
 * @return an {@link AppRoleAuthentication} built from the resolved options
 */
private ClientAuthentication appRoleAuthentication(VaultProperties vaultProperties) {

		return new AppRoleAuthentication(
				getAppRoleAuthenticationOptions(vaultProperties), this.restOperations);
	}
 
Example #22
Source File: HashicorpKeyVaultServiceFactoryUtil.java    From tessera with Apache License 2.0 3 votes vote down vote up
/**
 * Chooses the Vault authentication method from environment variables.
 *
 * <ul>
 * <li>Role-id and secret-id both set: AppRole authentication.</li>
 * <li>Exactly one of them set: rejected as an incomplete AppRole
 * configuration.</li>
 * <li>Neither set, token set: token authentication.</li>
 * <li>Nothing set: rejected.</li>
 * </ul>
 *
 * <p>AppRole takes precedence: when both identifiers are present the token
 * variable is ignored even if it is set.
 *
 * <p>NOTE(review): presence is tested with {@code null} checks only, so a
 * variable that is set but empty counts as present and is passed on as a
 * credential. NOTE(review): {@code getProperty("approlePath").get()} looks
 * like an unchecked {@code Optional.get()}; confirm that the config always
 * carries this property.
 *
 * @param keyVaultConfig supplies the AppRole mount path ({@code approlePath})
 * @param envProvider source of the credential environment variables
 * @param clientHttpRequestFactory request factory for the AppRole REST client
 * @param vaultEndpoint Vault endpoint for the AppRole REST client
 * @return AppRole or token authentication, depending on what is configured
 * @throws HashicorpCredentialNotSetException if the credentials are
 * incomplete or missing
 */
ClientAuthentication configureClientAuthentication(KeyVaultConfig keyVaultConfig, EnvironmentVariableProvider envProvider, ClientHttpRequestFactory clientHttpRequestFactory, VaultEndpoint vaultEndpoint) {

        final String roleId = envProvider.getEnv(HASHICORP_ROLE_ID);
        final String secretId = envProvider.getEnv(HASHICORP_SECRET_ID);
        final String authToken = envProvider.getEnv(HASHICORP_TOKEN);

        final boolean roleIdSet = roleId != null;
        final boolean secretIdSet = secretId != null;

        // Half-configured AppRole credentials are an error, never a silent fallback to token auth.
        if (roleIdSet != secretIdSet) {
            throw new HashicorpCredentialNotSetException("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method");
        }

        // The two flags are equal from here on, so testing one of them is enough.
        if (roleIdSet) {
            final AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder optionsBuilder = AppRoleAuthenticationOptions.builder();
            optionsBuilder.path(keyVaultConfig.getProperty("approlePath").get());
            optionsBuilder.roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId));
            optionsBuilder.secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId));
            final AppRoleAuthenticationOptions appRoleAuthenticationOptions = optionsBuilder.build();

            final RestOperations restOperations = VaultClients.createRestTemplate(vaultEndpoint, clientHttpRequestFactory);

            return new AppRoleAuthentication(appRoleAuthenticationOptions, restOperations);
        }

        // Neither AppRole variable is set: token authentication is the only remaining option.
        if (authToken == null) {
            throw new HashicorpCredentialNotSetException("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method.  Alternatively set " + HASHICORP_TOKEN + " to authenticate using the Token method");
        }

        return new TokenAuthentication(authToken);
    }